From mboxrd@z Thu Jan 1 00:00:00 1970 From: tfb@tfeb.org (Tim Bradshaw) Date: Mon, 13 Jan 2014 10:37:25 +0000 Subject: [TUHS] History of chown semantics In-Reply-To: <20140113070543.GC22593@mercury.ccil.org> References: <20140109191336.GD24304@mercury.ccil.org> <5128EE1B-28A2-4D5E-AE32-BEC6652DF1A1@tfeb.org> <20140110171819.GA14513@mercury.ccil.org> <8F58DE51-60E5-4E41-AAEF-78CAC3C08DBC@tfeb.org> <20140113070543.GC22593@mercury.ccil.org> Message-ID: <9D0D12F6-B198-4793-8501-E366FC7E5CB1@tfeb.org> I think that this is off-topic now, so I won't respond further in this thread. > Which is to say, the file owner is irrelevant to the quota system, only > the pathname matters. Indeed, *because that's the only way you can do it without quotas*, which was my whole point. > Again, how can any of this be corrupted by free chown-ing? For instance imagine I want to pass some customer data to which I have access to you, who con't have access, for purposes of malice. I know that leaving a world-readable file will be spotted. So I put them in a file which is 600 in /tmp, and chown it to you. Not only can't this be easily spotted without system-call auditing (which people generally do not do), but if it is spotted it looks like it's your fault since you own the file. File ownership does matter.